ALL Cisco IOS Vulnerable to DoS

Thread: ALL Cisco IOS Vulnerable to DoS

  1. #1
    AO Security for Non-Geeks tonybradley
    Join Date: Aug 2002
    Posts: 830

    ALL Cisco IOS Vulnerable to DoS

    Cisco released an advisory today that ALL Cisco routers running Cisco IOS that are configured to process IPv4 packets are vulnerable to a denial-of-service condition.

    Here is an excerpt from the advisory:

    Cisco routers and switches running Cisco IOS® software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.
    To read the full advisory and the suggested workaround click here: Cisco Advisory

  2. #2
    Senior Member
    Join Date: Jan 2003
    Posts: 274
    Ah, yet another reason to be happy that I purchased $600k worth of Foundry products for this round of upgrades instead of Cisco.

  3. #3
    Senior Member tampabay420
    Join Date: Aug 2002
    Posts: 953
    In all cases, customers should exercise caution to be certain the devices
    to be upgraded contain sufficient memory and that current hardware and
    software configurations will continue to be supported properly by the new
    release. If the information is not clear, contact the Cisco TAC for
    assistance, as shown in the section following this table.
    Code:
    +------------------------------------------------------------------------+
    |Train |Description of   |Availability of Fixed Releases                 |
    |      |Image or Platform|                                               |
    |------------------------+-----------------------------------------------+
    |  11.x based releases   |   Rebuild   |Interim|       Maintenance       |
    |------------------------+-------------+-------+-------------------------+
    |11.1CA|                 |11.1(36)CA4**|       |                         |
    |------+-----------------+-------------+-------+-------------------------+
    |11.2  |                 |11.2(26e)**  |       |                         |
    |------+-----------------+-------------+-------+-------------------------+
    |11.2P |                 |11.2(26)P5** |       |                         |
    |------+-----------------+-----------------------------------------------+
    |11.3  |                 |Not scheduled                                  |
    |------+-----------------+-----------------------------------------------+
    |11.3T |                 |Not scheduled                                  |
    |------------------------+-----------------------------------------------+
    |12.0 based releases     |Rebuild      |Interim|Maintenance              |
    |------------------------+-------------+-------+-------------------------+
    |      |General          |             |       |                         |
    |12.0  |Deployment       |             |       |12.0(26)                 |
    |      |release for all  |             |       |                         |
    |      |platforms        |             |       |                         |
    |------+-----------------+-----------------------------------------------+
    |12.0DA|xDSL support:    |Migrate to 12.2DA;  12.2(10)DA2 - Aug-15-2003, |
    |      |6100, 6200       |12.2(12)DA3 - Aug-22-2003:  Engineering        |
    |      |                 |Specials available on request.                 |
    |------+-----------------+-----------------------------------------------+
    |12.0DB|Early Deployment |Migrate to 12.3(1a)                            |
    |      |6400 UAC for NSP |                                               |
    |------+-----------------+-----------------------------------------------+
    |12.0DC|Early Deployment |Migrate to 12.3(1a)                            |
    |      |6400 UAC for NRP |                                               |
    |------+-----------------+-----------------------------------------------+
    |      |                 |12.0(24)S2   |       |                         |
    |      |                 |12.0(23)S3   |       |                         |
    |      |                 |12.0(22)S5   |       |                         |
    |      |                 |12.0(21)S7   |       |                         |
    |      |                 |12.0(19)S4   |       |                         |
    |      |Core/ISP support:|12.0(18)S7   |       |                         |
    |12.0S |GSR, RSP, c7200, |12.0(17)S7   |       |12.0(25)S                |
    |      |c10k             |12.0(16)S10  |       |                         |
    |      |                 |12.0(15)S7   |       |                         |
    |      |                 |12.0(14)S8   |       |                         |
    |      |                 |12.0(13)S8   |       |                         |
    |      |                 |12.0(12)S4   |       |                         |
    |      |                 |12.0(10)S8   |       |                         |
    |------+-----------------+-----------------------------------------------+
    |12.0SC|Cable/broadband  |Migrate to 12.1(19)EC                          |
    |      |ISP: ubr7200     |                                               |
    |------+-----------------+-----------------------------------------------+
    |12.0SL|100000 ESR:c10k  |Migrate to 12.0(23)S3, **12.0(17)SL9 -         |
    |      |                 |Jul-15-2003                                    |
    |------+-----------------+-----------------------------------------------+
    |12.0SP|Early Deployment |Migrate to 12.0(22)S5                          |
    |------+-----------------+-----------------------------------------------+
    |      |Early Deployment |12.0(21)ST7  |       |                         |
    |12.0ST|release for Core/|12.0(20)ST6  |       |                         |
    |      |ISP support: GSR,|12.0(19)ST6  |       |                         |
    |      |RSP, c7200       |12.0(17)ST8  |       |                         |
    |------+-----------------+-----------------------------------------------+
    |12.0SX|Early Deployment |Migrate to 12.0(22)S5                          |
    |------+-----------------+-----------------------------------------------+
    |12.0SY|Early Deployment |Migrate to 12.0(23)S3                          |
    |------+-----------------+-----------------------------------------------+
    |12.0SZ|Early Deployment |Migrate to 12.0(23)S3                          |
    |------+-----------------+-----------------------------------------------+
    |12.0T |Early Deployment |12.0(7)T3**  |       |                         |
    |------+-----------------+-------------+-------+-------------------------+
    |      |85xx ls1010      |             |       |12.0(26)W5(28)           |
    |      |-----------------+-------------+-------+-------------------------+
    |      |c5atm            |12.0(24)W5   |       |                         |
    |      |                 |(26a)        |       |                         |
    |      |-----------------+-------------+-------+-------------------------+
    |      |Cat4232 and      |12.0(25)W5   |       |                         |
    |      |Cat2948G-L3      |(27)         |       |                         |
    |12.0W5|-----------------+-------------+-------+-------------------------+
    |      |C6MSM,C5rsfc,    |Engineering  |       |                         |
    |      |C5rsm,           |Special      |       |                         |
    |      |                 |available on |       |                         |
    |      |                 |request      |       |                         |
    |      |-----------------+-------------+-------+-------------------------+
    |      |C3620, C3640,    |             |       |                         |
    |      |C4500, C7200, RSP|             |       |                         |
    |------+-----------------+-------------+-------+-------------------------+
    |12.0WC|Early deployment |12.0(05)WC8  |       |                         |
    |      |2900XL-LRE,2900XL|             |       |                         |
    |      |/3500XL; 2950    |             |       |                         |
    |      |release          |             |       |                         |
    |------+-----------------+-------------+-------+-------------------------+
    |12.0WT|Early deployment |Engineering  |       |                         |
    |      |Catalyst         |Special      |       |                         |
    |      |switches:        |Available    |       |                         |
    |      |cat4840g,        |upon request |       |                         |
    |------+-----------------+-----------------------------------------------+
    |12.0X |Shortlived Early |All 12.0X(any letter) releases have migrated to|
    |(l)   |Deployment       |either 12.0T or 12.1 unless otherwise          |
    |      |Releases         |documented in the X release technical notes    |
    |      |                 |pertaining to the specific release. Please     |
    |      |                 |check migration paths for all 12.0X releases.  |
    |------------------------+-----------------------------------------------+
    |12.1 based releases     |Rebuild      |Interim|Maintenance              |
    |------------------------+-------------+-------+-------------------------+
    |      |General          |             |       |                         |
    |12.1  |Deployment       |             |12.1   |12.1(19)                 |
    |      |release for all  |             |(18.4) |                         |
    |      |platforms        |             |       |                         |
    |------+-----------------+-----------------------------------------------+
    |12.1AA|                 |Migrate to 12.2                                |
    |------+-----------------+-----------------------------------------------+
    |12.1AX|Catalyst 3750    |12.1(14)EA1 -|       |                         |
    |      |                 |Engineering  |       |                         |
    |      |                 |special      |       |                         |
    |      |                 |available    |       |                         |
    |      |                 |upon request |       |                         |
    |------+-----------------+-------------+-------+-------------------------+
    |12.1AY|Catalyst 2940    |             |       |12.1(13)AY               |
    |------+-----------------+-----------------------------------------------+
    |12.1DA|6160 platform    |Migrate to 12.2DA                              |
    |------+-----------------+-----------------------------------------------+
    |12.1DB|6400 UAC         |Migrate to 12.3(1a)                            |
    |------+-----------------+-----------------------------------------------+
    |12.1DC|6400 UAC         |Migrate to 12.3(1a)                            |
    |------+-----------------+-----------------------------------------------+
    |12.1E |Core Enterprise  |12.1(8b)E14  |       |12.1(19)E                |
    |      |support - c7200, |12.1(13)E7   |       |                         |
    |      |Catalyst 6000,   |12.1(14)E4   |       |                         |
    |      |RSP              |**12.1(12c)E7|       |                         |
    |      |                 |12.1(11b)E12-|       |                         |
    |      |                 |Aug-4-2003   |       |                         |
    |      |                 |12.1(6)E12   |       |                         |
    |------+-----------------+-----------------------------------------------+
    |12.1EA|12.1(4)EA        |Migrate to 12.1(13)EA1c                        |
    |      |12.1(6)EA        |                                               |
    |      |12.1(8)EA        |                                               |
    |      |12.1(9)EA        |                                               |
    |      |12.1(11)EA       |                                               |
    |      |-----------------+-----------------------------------------------+
    |      |12.1(12c)EA      |12.1(13)EA1c |       |                         |
    |      |12.1(13)EA       |             |       |                         |
    |------+-----------------+-------------+-------+-------------------------+
    |12.1EB|LS1010           |             |       |12.1(14)EB               |
    |------+-----------------+-------------+-------+-------------------------+
    |12.1EC|Early Deployment |             |       |12.1(19)EC (scheduled    |
    |      |                 |             |       |last week of July)       |
    |------+-----------------+-------------+-------+-------------------------+
    |12.1EV|Early Deployment |             |       |12.1(12c)EV              |
    |------+-----------------+-------------+-------+-------------------------+
    |12.1EW|Early Deployment |             |       |12.1(13)EW,12.1(19)EW    |
    |      |Cat4000 L3       |             |       |                         |
    |------+-----------------+-------------+-------+-------------------------+
    |12.1EX|Early deployment |12.1(13)EX2  |       |                         |
    |------+-----------------+-------------+-------+-------------------------+
    |12.1EY|  |              |12.1(14)E4   |       |                         |
    |------+--+--------------+-------------+-------+-------------------------+
    |12.1YJ|  |              |12.1(14)EA1 -|       |                         |
    |      |  |              |Jul-28-2003  |       |                         |
    |------+-----------------+-------------+-------+-------------------------+
    |12.1T |Early deployment |12.1(5)T15** |       |                         |
    |------+-----------------------------------------------------------------+
    |12.1X |12.1X releases generally migrate to 12.1T, 12.2 or 12.2T as      |
    |(l)   |specified below. Please refer to specific train Technical notes  |
    |      |for documented migration path.                                   |
    |------+-----------------------------------------------------------------+
    |12.1XA|Short lived Early|Migrate to 12.1(5)T15                          |
    |      |Deployment       |                                               |
    |      |Release          |                                               |
    |------+-----------------+-----------------------------------------------+
    |12.1XC|Short lived Early|Migrate to 12.2(17)                            |
    |12.1XD|Deployment       |                                               |
    |12.1XH|Releases         |                                               |
    |12.1XI|                 |                                               |
    |------+-----------------+-----------------------------------------------+
    |12.1XB|Short lived Early|Migrate to 12.2(15)T5                          |
    |12.1XF|Deployment       |                                               |
    |12.1XG|Releases         |                                               |
    |12.1XJ|                 |                                               |
    |12.1XL|                 |                                               |
    |12.1XP|                 |                                               |
    |12.1XR|                 |                                               |
    |12.1XT|                 |                                               |
    |12.1YB|                 |                                               |
    |12.1YC|                 |                                               |
    |12.1YD|                 |                                               |
    |12.1YH|                 |                                               |
    |------+-----------------+-----------------------------------------------+
    |12.1XM|Short lived Early|Migrate to 12.2(2)XB11                         |
    |12.1XQ|Deployment       |                                               |
    |12.1XV|Releases         |                                               |
    |------+-----------------+-----------------------------------------------+
    |12.1XU|Short lived Early|Migrate to 12.2(4)T6                           |
    |      |Deployment       |                                               |
    |      |Release          |                                               |
    |------+-----------------+-----------------------------------------------+
    |12.1YE|Short lived Early|Migrate to 12.2(2)YC                           |
    |12.1YF|Deployment       |                                               |
    |12.1YI|Release          |                                               |
    |------------------------+-----------------------------------------------+
    |12.2 based releases     |Rebuild      |Interim|Maintenance              |
    |------------------------+-------------+-------+-------------------------+
    |      |General          |12.2(16a)    |       |                         |
    |12.2  |Deployment (GD)  |12.2(12e)    |       |12.2(17)                 |
    |      |candidate for all|12.2(10d)    |       |                         |
    |      |platforms        |             |       |                         |
    |------+-----------------+-------------+-------+-------------------------+
    |12.2B |12.2(2)B-12.2(4) |12.3(1a)     |       |                         |
    |      |B7               |             |       |                         |
    |      |-----------------+-------------+-------+-------------------------+
    |      |12.2(4)B8-12.2   |12.2(16)B1   |       |                         |
    |      |(16)B            |             |       |                         |
    |------+-----------------+-------------+-------+-------------------------+
    |12.2BC|Early Deployment |12.2(15)BC1  |       |                         |
    |      |Release          |(Scheduled   |       |                         |
    |      |                 |end of July) |       |                         |
    |------+-----------------+-------------+-------+-------------------------+
    |12.2BW|Early Deployment |Migrate to   |       |                         |
    |      |for use with     |12.3(1a)     |       |                         |
    |      |7200, 7400, and  |             |       |                         |
    |      |7411 platforms   |             |       |                         |
    |------+-----------------+-------------+-------+-------------------------+
    |12.2BX|Broadband/Leased |             |       |12.2(16)BX               |
    |      |line             |             |       |                         |
    |------+-----------------+-------------+-------+-------------------------+
    |12.2BZ|Early Deployment |12.2(15)BZ1  |       |                         |
    |      |Release          |             |       |                         |
    |------+-----------------+-----------------------------------------------+
    |12.2CX|Early Deployment |Migrate to 12.1(15)BC1                         |
    |      |Release          |                                               |
    |------+-----------------+-----------------------------------------------+
    |12.2CY|Early Deployment |Migrate to 12.1(15)BC1                         |
    |      |Release          |                                               |
    |------+-----------------+-----------------------------------------------+
    |12.2DA|Early Deployment |12.2(10)DA2 -|       |                         |
    |      |Release          |Jul-15-2003  |       |                         |
    |      |                 |12.2(12)DA3 -|       |                         |
    |      |                 |Aug-22-2003  |       |                         |
    |      |                 |Engineering  |       |                         |
    |      |                 |Special      |       |                         |
    |      |                 |available on |       |                         |
    |      |                 |request      |       |                         |
    |------+-----------------+-----------------------------------------------+
    |12.2DD|Early Deployment |Migrate to 12.3(1a)                            |
    |      |Release          |                                               |
    |------+-----------------+-----------------------------------------------+
    |12.2DX|Early Deployment |Migrate to 12.3(1a)                            |
    |      |Release          |                                               |
    |------+-----------------+-----------------------------------------------+
    |12.2JA|Cisco Aironet    |             |       |12.2(11)JA               |
    |      |hardware         |             |       |                         |
    |      |platforms:       |             |       |                         |
    |      |Introduction of  |             |       |                         |
    |      |Access Point     |             |       |                         |
    |      |feature in IOS,  |             |       |                         |
    |      |Cisco 1100 Series|             |       |                         |
    |      |Access Point     |             |       |                         |
    |      |(802.11b)        |             |       |                         |
    |------+-----------------+-------------+-------+-------------------------+
    |12.2MB|Specific         |12.2(4)MB12  |       |                         |
    |      |Technology ED for|             |       |                         |
    |      |2600 7500 (GPRS/ |             |       |                         |
    |      |PDSN/GGSN        |             |       |                         |
    |      |2600/7200/7500)  |             |       |                         |
    |------+-----------------+-------------+-------+-------------------------+
    |12.2MC|Early Deployment:|12.2(13)MC1  |       |                         |
    |      |IP RAN           |CCO: 7/24/03 |       |                         |
    |------+-----------------+-------------+-------+-------------------------+
    |12.2MX|                 |12.2(8)YD    |       |                         |
    |      |                 |             |       |                         |
    |------+-----------------+-------------+-------+-------------------------+
    |12.2S |Core/ISP support:|12.2(14)S1   |12.2   |                         |
    |      |GSR, RSP, c7200  |             |(16.5)S|                         |
    |------+-----------------+-------------+-------+-------------------------+
    |12.2SX|IOS Support for  |12.2(14)SX1  |       |                         |
    |      |C6500 Supervisor |             |       |                         |
    |      |3                |             |       |                         |
    |------+-----------------+-------------+-------+-------------------------+
    |12.2SY|VPN feature      |12.2(14)SY1, |       |                         |
    |      |release for c6k/ |12.2(8)YD    |       |                         |
    |      |76xx VPN service |             |       |                         |
    |      |module.          |             |       |                         |
    |------+-----------------+-------------+-------+-------------------------+
    |12.2SZ|7304 Platform    |12.2(14)SZ2  |       |                         |
    |------+-----------------+-------------+-------+-------------------------+
    |      |                 |12.2(15)T4/  |       |No more maintenance      |
    |      |New Technology   |5,12.2(13)T5,|       |trains for 12.2T are     |
    |12.2T |Early Deployment |12.2(11)     |12.2   |planned, please migrate  |
    |      |(ED) release for |T9,12.2(8)   |(16.5)T|to latest 12.3 Mainline  |
    |      |all platforms    |T10,         |       |release.                 |
    |      |                 |12.2(4)T6    |       |                         |
    |------+-----------------+-----------------------------------------------+
    |12.2X |Short lived Early|Many short lived releases migrate to the same  |
    |(l)   |Deployment       |train; the trains below this point until the   |
    |12.2Y |Releases -       |following section are not grouped by strict    |
    |(l)   |                 |alphabetical order, but are grouped by         |
    |      |                 |migration path. Please review documented       |
    |      |                 |migration paths for your trains.               |
    |------+-----------------+-----------------------------------------------+
    |12.2XA|Short lived Early|Migrate to 12.2(11)T9                          |
    |      |Deployment       |                                               |
    |      |Releases         |                                               |
    |------+-----------------+-----------------------------------------------+
    |12.2XS|                 |12.2(2)XB11                                    |
    |------+-----------------+-----------------------------------------------+
    |12.2XD|Short lived Early|Migrate to 12.2(15)T5                          |
    |12.2XE|Deployment       |                                               |
    |12.2XH|Releases         |                                               |
    |12.2XI|                 |                                               |
    |12.2XJ|                 |                                               |
    |12.2XK|                 |                                               |
    |12.2XL|                 |                                               |
    |12.2XM|                 |                                               |
    |12.2XQ|                 |                                               |
    |12.2XU|                 |                                               |
    |12.2XW|                 |                                               |
    |12.2YA|                 |                                               |
    |12.2YB|                 |                                               |
    |12.2YC|                 |                                               |
    |12.2YF|                 |                                               |
    |12.2YG|                 |                                               |
    |12.2YH|                 |                                               |
    |12.2YJ|                 |                                               |
    |12.2YT|                 |                                               |
    |------+-----------------+-----------------------------------------------+
    |      |Short lived Early|                                               |
    |12.2YN|Deployment       |Migrate to 12.2(13)ZH                          |
    |      |Releases         |                                               |
    |------+-----------------+-----------------------------------------------+
    |      |Short lived Early|Migrate to 12.2(14)SY1 available Aug-4-2003:   |
    |12.2YO|Deployment       |Engineering Special available on request       |
    |      |Releases         |                                               |
    |------+-----------------+-----------------------------------------------+
    |      |Early Deployment |             |       |                         |
    |12.2XB|Release with     |12.2(2)XB11  |       |                         |
    |      |continuing       |             |       |                         |
    |      |support          |             |       |                         |
    |------+-----------------+-----------------------------------------------+
    |12.2XC|Short lived Early|Migrate to 12.2(16)B1                          |
    |      |Deployment       |                                               |
    |      |Releases         |                                               |
    |------+-----------------+-----------------------------------------------+
    |12.2XF|Short lived Early|Migrate to 12.2(15)BC1                         |
    |      |Deployment       |                                               |
    |      |Release UBR10000 |                                               |
    |------+-----------------+-----------------------------------------------+
    |12.2XG|Short lived Early|Migrate to 12.2(8)T10                          |
    |      |Deployment       |                                               |
    |      |Release          |                                               |
    |------+-----------------+-----------------------------------------------+
    |12.2XN|Short lived Early|Migrate to 12.2(11)T9                          |
    |12.2XT|Deployment       |                                               |
    |      |Releases         |                                               |
    |------+-----------------+-----------------------------------------------+
    |12.2YD|Short lived Early|Migrate to 12.2(8)YY                           |
    |      |Deployment       |                                               |
    |      |Release          |                                               |
    |------+-----------------+-----------------------------------------------+
    |      |Short lived Early|             |       |                         |
    |12.2YP|Deployment       |**12.2(11)YP1|       |                         |
    |      |Release          |             |       |                         |
    |------+-----------------+-----------------------------------------------+
    |12.2YK|                 |Migrate to 12.2(13)ZC                          |
    |------+-----------------+-----------------------------------------------+
    |12.2YL|Short lived Early|Migrate to 12.2(13)ZH                          |
    |12.2YM|Deployment       |                                               |
    |12.2YU|Releases         |                                               |
    |12.2YV|                 |                                               |
    |------+-----------------+-----------------------------------------------+
    |12.2YQ|Short lived Early|Migrate to 12.2(15)ZL                          |
    |12.2YR|Deployment       |                                               |
    |      |Releases         |                                               |
    |------+-----------------+-----------------------------------------------+
    |12.2YS|Short lived Early|12.2(15)YS/  |       |                         |
    |      |Deployment       |1.2(1)       |       |                         |
    |      |Release          |             |       |                         |
    |------+-----------------+-------------+-------+-------------------------+
    |12.2YW|Short lived Early|12.2(8)YW2   |       |                         |
    |      |Deployment       |             |       |                         |
    |      |Releases         |             |       |                         |
    |------+-----------------+-------------+-------+-------------------------+
    |12.2YX|Short lived Early|12.2(11)YX1  |       |                         |
    |      |Deployment       |             |       |                         |
    |      |Release          |             |       |                         |
    |      |Crypto for 7100/ |             |       |                         |
    |      |7200             |             |       |                         |
    |------+-----------------+-------------+-------+-------------------------+
    |12.2YY|Short lived Early|12.2(8)YY3   |       |                         |
    |      |Deployment       |             |       |                         |
    |      |Releases         |             |       |                         |
    |      |IOS support for  |             |       |                         |
    |      |General Packet   |             |       |                         |
    |      |Radio Service    |             |       |                         |
    |------+-----------------+-------------+-------+-------------------------+
    |12.2YZ|Short lived Early|12.2(11)YZ2  |       |                         |
    |      |Deployment       |             |       |                         |
    |      |Release          |             |       |                         |
    |------+-----------------+-------------+-------+-------------------------+
    |12.2ZA|Short lived Early|             |       |12.2(14)ZA2              |
    |      |Deployment       |             |       |                         |
    |      |Release          |             |       |                         |
    |------+-----------------+-------------+-------+-------------------------+
    |12.2ZB|Short lived Early|12.2(8)ZB7   |       |                         |
    |      |Deployment       |             |       |                         |
    |      |Release          |             |       |                         |
    |------+-----------------+-------------+-------+-------------------------+
    |12.2ZC|Short lived Early|             |       |12.2(13)ZC               |
    |      |Deployment       |             |       |                         |
    |      |Release          |             |       |                         |
    |------+-----------------+-------------+-------+-------------------------+
    |12.2ZD|Short lived Early|Not Scheduled|       |                         |
    |      |Deployment       |             |       |                         |
    |      |Release          |             |       |                         |
    |------+-----------------+-------------+-------+-------------------------+
    |12.2ZE|Short lived Early|12.3(1a)     |       |                         |
    |      |Deployment       |             |       |                         |
    |      |Release          |             |       |                         |
    |------+-----------------+-------------+-------+-------------------------+
    |12.2ZF|Short lived Early|Not          |       |                         |
    |      |Deployment       |Vulnerable   |       |                         |
    |      |Release          |             |       |                         |
    |------+-----------------+-------------+-------+-------------------------+
    |12.2ZG|Short lived Early|Not          |       |                         |
    |      |Deployment       |Vulnerable   |       |                         |
    |      |Release          |             |       |                         |
    |------+-----------------+-------------+-------+-------------------------+
    |12.2ZH|Short lived Early|Not          |       |                         |
    |      |Deployment       |Vulnerable   |       |                         |
    |      |Release          |             |       |                         |
    |------+-----------------+-------------+-------+-------------------------+
    |12.2ZJ|Short lived Early|12.2(15)ZJ1  |       |                         |
    |      |Deployment       |             |       |                         |
    |      |Release          |             |       |                         |
    |------+-----------------+-------------+-------+-------------------------+
    |12.2ZL|Short lived Early|Not          |       |                         |
    |      |Deployment       |Vulnerable   |       |                         |
    |      |Release          |             |       |                         |
    |------------------------+-----------------------------------------------+
    |12.3 based releases     |NOT VULNERABLE                                 |
    |------------------------------------------------------------------------+
    |Notes: **Marked versions of code are not available on CCO. Please       |
    |contact TAC and request the specific images you need posted.            |
    +------------------------------------------------------------------------+
    yeah, I'm gonna need that by friday...

  4. #4
    Senior Member
    Join Date
    Nov 2002
    Posts
    382
    Does anyone have an idea of the packet type involved in the bug?

    By looking at the ACL workaround, it's not UDP, TCP, GRE, IPSEC, ICMP, AH.
    (N.B. It seems that the workaround would not work on interfaces running RIP or OSPF....)
    SHARING KNOWLEDGE

  5. #5
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002
    Posts
    830

    The situation may be a little more urgent now. The exploit for this DoS vulnerability has been made public. See this article in the Register: Cisco IOS DoS exploit released in the wild

    You can also look at the updated and revised Cisco Advisory

  6. #6
    Senior Member
    Join Date
    Nov 2002
    Posts
    382
    Originally posted here by Tampabay420
    from reading the advisory, it would seem that it doesn't matter whether or not it's UDP or TCP, et cetera... IPv4 is where the vuln. is... or am I way off? someone back me up?
    I think that the DoS vuln is initiated by a specific train of forged packets based on the IP protocol field with a value different than: UDP, TCP, GRE, IPSEC, ICMP, AH.
    Something like unspecified IANA values ....
    There is more detail on CCO, but users must be registered with a high level (retailer, partners); if someone around can access this info, it would be very valuable to tune the ACL workaround.
    SHARING KNOWLEDGE

  7. #7
    Senior Member tampabay420's Avatar
    Join Date
    Aug 2002
    Posts
    953
    Code:
                                 ==Phrack Inc.==
    
                   Volume 0x0b, Issue 0x3c, Phile #0x07 of 0x10
    
    |=-------------=[ Burning the bridge: Cisco IOS exploits ]=--------------=|
    |=-----------------------------------------------------------------------=|
    |=----------------=[ FX of Phenoelit <fx@phenoelit.de> ]=----------------=|
    
    --[ Contents
    
      1 - Introduction and Limitations
      2 - Identification of an overflow
      3 - IOS memory layout sniplets
      4 - A free() exploit materializes
      5 - Writing (shell)code for Cisco
      6 - Everything not covered in 1-5
    link -> http://www.phrack.org/phrack/60/p60-0x07.txt
    yeah, I'm gonna need that by friday...

  8. #8
    Senior Member
    Join Date
    Mar 2003
    Location
    central il
    Posts
    1,779
    Perhaps after this, companies will finally realize that obscurity != security. Cisco didn't tell us what protocol the bug affected in hopes that an exploit would be harder to make...that's just dumb. Between this and the MS sploit I am glad my consulting firm charges an insanely high rate for weekend work; the non-contractors at my company are in for a long weekend of patching and testing.
    Who is more trustworthy than all of the gurus or Buddhas?

  9. #9
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002
    Posts
    830
    These are the packet types that are vulnerable according to the updated Cisco advisory:

    IP Protocol 53 -- SWIPE -- a network-layer encrypted encapsulation protocol for IP; pre-dates IPsec and seems not to have been widely implemented

    IP Protocol 55 -- IP Mobility -- a minimal encapsulation scheme developed to modify routing for IP datagrams

    IP Protocol 77 -- Sun Network Disk boot protocol -- a temporary protocol assignment that predates the invention of the Network File System in 1984.

    IP Protocol 103 -- Protocol Independent Multicast (PIM) -- a multicast routing protocol designed to thrive in sparsely populated wide area networks, and the only one of the vulnerable protocols that appears to still be in active use and development.
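The protocol list above gives defenders something concrete to look for in captured traffic. The following is an added example, not part of the original thread or of Cisco's advisory: it parses raw IPv4 headers and flags packets that carry one of the four listed protocol numbers and are addressed to the device itself. The sample headers, the addresses (documentation ranges), and the helper names are constructed for illustration.

```python
import ipaddress
import struct

# IP protocol numbers named in the updated advisory, as listed in the post above.
ADVISORY_PROTOCOLS = {53: "SWIPE", 55: "IP Mobility", 77: "Sun ND", 103: "PIM"}


def parse_ipv4_header(raw: bytes):
    """Return (protocol, src, dst) from a raw IPv4 header, or None if malformed."""
    if len(raw) < 20:
        return None
    version, ihl = raw[0] >> 4, raw[0] & 0x0F
    if version != 4 or ihl < 5 or len(raw) < ihl * 4:
        return None
    proto = raw[9]  # protocol field sits at byte offset 9
    src = ipaddress.IPv4Address(raw[12:16])
    dst = ipaddress.IPv4Address(raw[16:20])
    return proto, src, dst


def flag_packets(packets, device_addrs):
    """Return findings for advisory-listed protocols addressed to the device itself."""
    own = {ipaddress.IPv4Address(a) for a in device_addrs}
    findings = []
    for index, raw in enumerate(packets):
        parsed = parse_ipv4_header(raw)
        if parsed is None:
            continue  # truncated or non-IPv4 data is skipped, not guessed at
        proto, src, dst = parsed
        if proto in ADVISORY_PROTOCOLS and dst in own:
            findings.append((index, proto, ADVISORY_PROTOCOLS[proto], str(src), str(dst)))
    return findings


def build_header(proto, src, dst):
    """Build a constructed 20-byte IPv4 header (checksum left at 0) for the sample data."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)


# Constructed sample traffic; 192.0.2.1 stands in for a router interface address.
SAMPLE = [
    build_header(6, "198.51.100.7", "192.0.2.1"),     # TCP to the router: ignored
    build_header(103, "198.51.100.7", "192.0.2.1"),   # PIM to the router: flagged
    build_header(53, "198.51.100.9", "203.0.113.5"),  # SWIPE in transit: not to the device
    build_header(77, "198.51.100.9", "192.0.2.1"),    # Sun ND to the router: flagged
    b"\x45\x00",                                      # truncated header: skipped
]

if __name__ == "__main__":
    for finding in flag_packets(SAMPLE, ["192.0.2.1"]):
        print(finding)
```

On routers that actually run PIM, protocol 103 hits from known neighbors are expected traffic and need to be separated from unexpected sources before alerting.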

  10. #10
    12.3 1a <-- this version hasn't been in the Fixed-Series in the advisory.

    But it's completely immune to the above bugs.

    I've tested it in my own lab.
    My DoS program was written in Java, sending multiple packets with protocol field 109 to the router.

    12.3 1a was compiled on 1-6-2003 for the 2500
    The 2500 series went EOL and EOS a very long time ago, yet Cisco still released the new version; this raises the question of whether Cisco has known about these bugs for long, at least before 1-6-2003. So I guess the impact won't be messy.
    Let's go to Paramount Great America !!!! LFC (LookingForChick)
